Web Browsers Leave 'Fingerprints' Behind as You Surf the Net

San Francisco - New research by the Electronic Frontier Foundation (EFF) has found that an overwhelming majority of web browsers have unique signatures -- creating identifiable "fingerprints" that could be used to track you as you surf the Internet.

The findings were the result of an experiment EFF conducted with volunteers who visited http://panopticlick.eff.org/. The website anonymously logged the configuration and version information from each participant's operating system, browser, and browser plug-ins -- information that websites routinely access each time you visit -- and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84% of the configuration combinations were unique and identifiable, creating unique and identifiable browser "fingerprints." Browsers with Adobe Flash or Java plug-ins installed were 94% unique and trackable.

"We took measures to keep participants in our experiment anonymous, but most sites don't do that," said EFF Senior Staff Technologist Peter Eckersley. "In fact, several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities. This experiment is an important reality check, showing just how powerful these tracking mechanisms are."

EFF found that some browsers were less likely to contain unique configurations, including those that block JavaScript, and some browser plug-ins may be able to be configured to limit the information your browser shares with the websites you visit. But overall, it is very difficult to reconfigure your browser to make it less identifiable. The best solution for web users may be to insist that new privacy protections be built into the browsers themselves.

"Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability," said Eckersley. "We hope that browser developers will work to reduce these privacy risks in future versions of their code."

EFF's paper on Panopticlick will be formally presented at the Privacy Enhancing Technologies Symposium (PETS 2010) in Berlin in July.

For the full white paper: How Unique is Your Web Browser?:
https://panopticlick.eff.org/browser-uniqueness.pdf

For more details on Pantopticlick:
http://www.eff.org/deeplinks/2010/05/every-browser-unique-results-fom-panopticlick

For more on online behavioral tracking:
http://www.eff.org/issues/online-behavioral-tracking

Related Updates

On Thursday, EFF released a new version of Privacy Badger featuring a new, experimental way to protect your privacy on—and crucially, off—Facebook. It specifically targets link tracking, Facebook’s practice of following you whenever you click on a link to leave facebook.com. Download Privacy Badger What is link tracking...

Mark Zuckerberg, Facebook’s founder and CEO, thinks people want targeted advertising. The “overwhelming feedback,” he said multipletimes during his congressional testimony, was that people want to see “good and relevant” ads. Why then are so many Facebook users, including leaders of state in the U.S. Senate...

Last weekend’s Cambridge Analytica news—that the company was able to access tens of millions of users’ data by paying low-wage workers on Amazon’s Mechanical Turk to take a Facebook survey, which gave Cambridge Analytica access to Facebook’s dossier on each of those turkers’ Facebook friends—has hammered home two problems: first...

Recently Google and Apple announced plans to respond to complaints about online advertising. Both companies will implement changes to their browsers to neutralize some of the most annoying ad formats, but only Apple has chosen to address concerns around user privacy. Starting sometime in 2018, Google's Chrome browser will begin...

Republicans in Congress recently voted to repeal the FCC’s broadband privacy rules. As a result, your Internet provider may be able to sell sensitive information like your browsing history or app usage to advertisers, insurance companies, and more, all without your consent. In response, Internet users have been asking what...

It’s no surprise that Americans were unhappy to lose online privacy protections earlier this month. Across party lines, voters overwhelmingly oppose the measure to repeal the FCC’s privacy rules for Internet providers that Congress passed and President Donald Trump signed into law.
But it should come as a surprise...

This post is an UPDATE to a piece we originally published last week.
Verizon recently rolled out a new pilot project to pre-install on customers’ devices an app launcher/search tool that, we believe, is really just spyware. This software, called AppFlash, is preloaded on a new model...

We pay our monthly Internet bill to be able to access the Internet. We don’t pay it to give our Internet service provider (ISP) a chance to collect and sell our private data to make more money. This was apparently lost on congressional Republicans as they voted to...

President Trump will soon be asked to sign into law a bill that gives tremendous power to some of the most hated companies in America, the cable and telephone industry. If he cares about protecting our privacy from the very special interests he campaigned against, he’ll veto the bill.
...

UPDATE: We have received additional information from Verizon and based on that information we are withdrawing this post while we investigate further. Here is the statement from Kelly Crummey, Director of Corporate Communications of Verizon: "As we said earlier this week, we are testing AppFlash to make app discovery better...